Vulnerability Description
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 31.0.1650.48 | |
| Oracle | Solaris | 11.3 |
| Artifex | Gpl Ghostscript | < 9.03 |
| Libjpeg-Turbo | Libjpeg-Turbo | < 1.3.1 |
| Fedoraproject | Fedora | 18 |
| Opensuse | Opensuse | 12.2 |
| Canonical | Ubuntu Linux | 10.04 |
| Debian | Debian Linux | 7.0 |
| Mozilla | Firefox | < 24.2 |
| Mozilla | Seamonkey | < 2.23 |
| Mozilla | Thunderbird | < 24.2.0 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2013-0333.htmlThird Party Advisory
- http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.htmlBroken Link
- http://bugs.ghostscript.com/show_bug.cgi?id=686980Issue TrackingVendor Advisory
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.htmlVendor Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.hMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.hMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.hMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.htMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2013-6629?
CVE-2013-6629 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain dupl...
How severe is CVE-2013-6629?
CVE-2013-6629 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6629?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Oracle Solaris, Artifex Gpl Ghostscript, Libjpeg-Turbo Libjpeg-Turbo, Fedoraproject Fedora.